Malware Removal - Help!

I have had my computer for four years and never ever had a problem - I perform regular maintenance and I am careful when surfing.

However, yesterday I was surfing several sites using tab browsing and I believe it was a guitar tab site that I clicked on by accident that downloaded a virus to my system before I could close it.

Suddenly some sort of rogue program popped up on my screen and began scanning all my files and my system went crazy so I shut it down manually. Next thing I knew I had the blue screen of death on restart.

I rebooted the computer in safe mode and looked around and found at least one system file called "ndisio.exe" that looked to be causing problems.

I performed the "Read & run Me First" malware removal guide and then proceeded to the Windows Cleaning for XP.

I had a few issues with my internet after running SUPERAntispyware but I reset winsock and repeated this after each program and it is fine.

My system seems to be running almost normal but I am concerned that I may have missed something since I am a complete amateur in this area.

I am posting the logs from each of the four programs. I hope I did everything right.

Also, I could not locate my "folder Options" in my control settings to change my viewing of hidden files which is odd because I have changed them before. Not sure why this is.

I also ran Malwarebytes twice because the first time it said not all files could be removed and then the computer restarted.

When it did, a program I did not recognize kicked in and began scanning my system again (looked like the virus?) so I shut it down and did a reboot then re-ran Malwarebytes. I attached both logs below so I will have five total rather than 4.

Any help appreciated!!!! Thanks!


Staff Advisory: This post needs to remain here until one of the malware team advise that it can be moved. This member cannot access our malware forums due to their infection. ~ Animal

Hello, I got some help from some nice people in the live chat. I have made a log with your hijackprogram and am posting it at the bottom. It created two .txt files so there are two reports. I am unable to open ANY link that has the words anti-spyware anywhere on the page or in the address bar so unfortunately I cannot post this in the malware removal forum because the internet window closes every time. I am in dire need of some help! I have a subscription to spy sweeper and it is keeping things out but I was infected with Antivirus xp 2008 and possibly some viruses because the computer was un-protected for about a month while I was in the hospital. I run with Windows XP and a wireless connection. If someone could take the time to look at this for me I would be so incredibly thankful! I offer my services as a photographer/graphic artist/professional gift shopper/myspace designer/beginner web designer. You can see what I do at www.perfectionpictures.com and contact me if you need anything at all!

Current Symptoms (in the order of appearance)

Random Total system crash then restart then blue screen then back to windows. msvcp71.exe is missing so a program is being prevented ...

Hi & welcome,

I would like to try a couple things before we go much further so I have a bit better picture of what is happening and can take the needed cautions.

1.) Click start> run> type msconfig and hit enter.
Click "boot.ini" tab
Checkmark /bootlog
Click "apply" and "close"
Reboot when asked
Locate and delete this file:
C:\windows\ntbtlog.txt (in case your extensions don't show it looks like a notepad)
Reboot
Locate & post:
C:\windows\ntbtlog.txt

2.) Click start> run> type: cmd.exe and hit enter.
Type the following commands exactly as you see em & hit enter after each one:
cd c:\windows\system32
dir userinit.exe
Note the file size please & report that back to me. Leave cmd open a sec.
Back at the cmd window...
Type:
cd dllcache
dir userinit.exe
dir spoolsv.exe
Note file sizes & report that back to me.
Type exit in the CMD window & hit enter. (this closes it)

3.) Can you see also if you can get this program installed please:
http://download.bleepingcomputer.com/hijac.../HJTInstall.exe
Save file> run it> follow prompts to install accepting defaults.
Allow it to "launch" hijackthis.
Click the "Do a System Scan and Save a Log File" option
Save the log file and then it should open with Notepad
Go to Edit, Select All and then Edit, Paste to paste the contents of the log here

Let me know if you had any problems with the above please.

I advise keeping the system offline as much as possib...

Apologies, but I'm a bit of a novice. My computer did a scan when I started it and came up with some trojans. When I tried to delete them, a malware removal programme tried to install itself so I closed the download dialog box. Unfortunately, I cannot remember the name of the software that was trying to install itself. Please would you review my log below and help me clean my computer?

Many thanks

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

Hi,

I have tried many ways to get rid of some Malware that has only recently infected my PC. I hope someone can help me as this is my work PC and I need to plug back into my office network in a few days, but think this would be a bad idea at the moment.

The problem first showed itself by insisting I had many viruses etc, and I should install Internet Security 2010. I have installed Malware Bytes removal tool, and installed as instructed. It found the above, said it was removed, but still it appears to exist, although the name of the infection has changed a few times, and is currently redirecting my browser to a similar page to the above malware. A popup now shows that I should install Cyber Security to remove the infections. This is obviously another malicious antivirus/malware program.

I have McAfee Enterprise installed (which I can't seem to disable).

I have also run SuperAntiSpywarePlus, which did the trick removing a similar problem about a year ago on a different PC. However, although this program also finds problems, and supposedly removes them, the problem is still there.

Please help. I have shown Hijackthis log below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:58:42 PM, on 29/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\...

Answer: Cyber Security removal; Malware removal not working

Hi,

I have tried everything I know of to remove this pesky piece of malware. It seems to keep changing names, starting out as Internet Security 2010, and redirecting me on a google search to a webpage trying to convince I was riddled with viruses and malware, and then trying to sell me their software, which is really just a scam. I ended up here after a few days of tearing my hair out, almost beaten. I went through the tutorials, but unfortunately that was before I fired off a post in desperation. Please delete my previous post, as I have now followed the suggested path, and run the utilities to help diagnose my problems. The resulting files are attached.

Please help. I hope the files uploaded can provide an insight into what's happening.

Apologies for jumping right in and posting a Hijackthis log before I had read the tutorials.

ntents below

DDS.txt contents pasted below

DDS (Ver_09-12-01.01) - NTFSx86 Run by Greg.Middleton at 15:30:23.26 on Tue 29/12/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.3063.2330 [GMT 9.5:30]
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============
C:\windows\system32\svchost -k DcomLaunch
C:\windows\system32\svchost -k rpcss
C:\windows\Syst...

I have a dell xps 8300. It started acting up about 1 week ago (freezing while working online, freezing while trying to boot). Today I got the Blue screen asking me to restart if this was the first time I had received a blue screen.
I restarted, it was fine for 30 minutes and everything froze.
I restarted it and I received error beeps (4 beeps).
I looked that up on dell support and they said it was RAM problems.
I opened up the computer, vacuumed a bit, took out ram cards and reinstalled them.
It had been working o.k. for about 1 hour and only froze once more.
I decided to try the malware removal guide and here are the logs.
Malware bytes did not find anything
TDSSKiller did not find anything
MGtools ran but as soon as it was done the window closed. I don't know how to find the log
Your help will be greatly appreciated

Answer: malware removal - have followed malware removal guide

I still want to see the log from Malware Bytes please.

MGtools ran but as soon as it was done the window closed. I don't know how to find the log

Should be directly on C:\ if that's where you boot Windows from. If you really cannot find the log, you'll have to run MGTools.exe again in order to produce a MGlogs.zip. Thanks.

I have run the malware removal instructions and went through each of the programs as they did remove some of the malware and virus. The issue that I am having is that when I open the computer under a separate user and try to run the malware removal programs via internet or through USB drive, I keep seeing a window which pops up asking me which program I want to use to open the program. I have run the computer under the administrator and do not seem to have problems running the malware removal steps and have attached the reports from the instructions.

View attachment mbam-log-2011-03-28 (17-02-07).txt

View attachment combofix log.txt

View attachment SUPERAntiSpyware Scan Log - 03-28-2011 - 16-42-24.log

View attachment hijackthis.log

Even when I try to open add or remove programs under control panel, I get the following message: "C\windoesn\system32\rundll32.exe- application not found". I am thinking that it is something to do with AVG and have removed the program with the step.

Please help....


Answer: Help with malware removal - have run malware removal instructions

ssmehta007 said:

....try to run the malware removal programs via internet or through USB drive

SAS & MBAM
Installed to the Default Location - "C:/Program Files", as we suggest that you keep them after malware removal.

MGTools.zip
Download this file to the root folder of the drive where you have installed Windows (Typically this would be C:\ and thus you would have a C:\MGtools.exe file after downloading).
Please make those corrections and attach the missing RRlog.txt (from RootRepeal) and MGlogs.zip - normally it is C:\MGlogs.zip . Please tell me any problems you still have.

Since the ComboFix will not run on Vista or Windows 7 64-bit, I have to look for new malware/virus removal apps... It was good while it lasted. So what tools do people use for Vista these days when the computer says: "WARNING! YOURS COMPUTER IS AN INFECTED BY HARMFUL VIRUS!!!!"

Hello! In reading more of these threads I can see I'm not the only one with the iexplore issue. Glad to know it can be corrected!!!!

I have multiple pop-ups and my computer is as slow as dirt. When I get home at 3:30 Calif time I will do the HJTInstall.exe thing and post the results. Would the results of one that was done two days ago help? Yes I was having the issue then and another company did one and told me to email it to someone, which I did but I haven't heard anything back and my computer is close to useless at this point. Can MFDnNC or anyone else help?

Thanks!!!!
Ginny

I read and followed precisely "Vista and Win 7 Malware Removal/Cleaning Procedure"

My issue: I was informed by my ISP of the following: "Mail Log Parsed from Feb 15, 2013 19:47:04 to Feb 16, 2013 19:47:04 User sent approximately 141,801 messages to 136,591 unique recipients. There were 2598 bounces received in this period, 1 percent of the emails sent."

I have AVG, running constantly. ISP changed my password to stop the mail. I ran AVG in safe mode. Still not sure trojan eradicated. ISP referred me to your site.

I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log.

Please advise if you believe my system is clean, or what further I should do. Since I haven't seemed to find anything, it's hard for me to be comfortable that it's clean.

Thank you immensely!!

Mike Sieber

Answer: Help with malware removal--have performed removal instructions

Welcome to Major Geeks!

mike sieber said:

I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log.

Not problems. It is just junk from AVG. All of your logs are clean. Many times when something like this happens, it is not an infection. It is due to a spammer/spammers getting your email login and password and they use it from other PCs to send out their spam. There are cases of infections that can cause spamming ( like some master boot record or partition infections ) but you show no signs of these.

If you are not having any other malware problems, it is time to do our final steps:

We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to ...

I posted the software forum yesterday and was instructed to complete the malware removal steps and repost here. I have a new computer running Windows 8.1. When I say new, I mean I started having problems within a couple of hours after turning it on!

I have McAfee antivirus protection and downloaded and installed my MSOffice 2013 Home and Student. All seemed to be fine. The MSOffice was up and running and McAfee said I was protected. Suddenly and I don't remember what I was doing...it said Microsoft something (sounded like an antivirus or firewall something) had detected several problems and I needed to "clean my computer". Oh so ignorant of all that was going on with learning Windows 8.1 after using XP for years I told it to clean. Somewhere in there it suggested I do a system restore. All seemed OK until I realized MSOffice was no longer there. I tried to download it again and reload, but with no luck. It occurred to me it had something to do with the system restore so I tried to undo the restore. That of course didn't help. I'm also now getting messages from McAfee that I am covered and safe but that my firewall is turned off and needs to be turned on. However I can get McAfee to do nothing. I can open a screen, but nothing I do makes it do anything. I tried downloading their "Virtual Technician" before I started the process you recommended and it acted like it was downloading, but 20 minutes later it was still "spin...

Answer: malware removal help - removal instructions attempted

Can you try running the tools that were not working before including Hitman, in safe mode please. Let me know how you get on.

I have a co-worker, his computer has search redirect issue. That means most likely it has malware. Then I installed some major malware removal: Spybot Search & Destroy, SUPERAntiSpyware, Malwarebytes

After I installed them, I cannot launch them (That definitely means it has some kind of malware). I needed to rename their .exe files, after that I can run them and scan my computer.

SUPERAntiSpyware, Malwarebytes found something, but didn't solve the problem, search redirect and blocking malware removal software are still there. Now I am running Spybot Search & Destroy, will see what happens.

By the way, I run them in safe mode because when I logon window to normal mode, it is slow (like it takes a long time to explore hard drive, etc). I suspect the malware slows down my pc. Hopefully not registry corrupted or something, but works smoothly in safe mode.

So you guys have any suggestions? Or you need a log file from combofix?

I have scanned with AVG with the latest updates. On top of that insidious google redirect I get random pop ups even when I don't already have IE or Firefox running. Also getting sounds in the background like I'm clicking on a link, surfing the net when I'm not. And SYSTEM in task manager is hogging a ton of memory.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:52:42 PM, on 8/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\...

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please download OT...

My computer is having some malware activity. I have used adware 2008, spyware removal tool, norton anti-virus and other removal tool, but still that malware cannot be deleted. My Computer icon could not display its properties, instead it appears like a file when you see its properties. It also disabled TCP/IP, that's why until now I cannot connect to the internet. I don't have WindowsXP SP2 cd for repair.

I recommend that you read this article… "Having problems with spyware and pop-ups? - First Steps"; follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the HiJackThis Log Help Forum.
(Simply, click on the coloured links to be re-directed.)

Please ensure that you create a new thread in the HiJackThis Log Help Forum; not back here in this one.

When carrying out The 5 Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However, it is extremely important to make mention of the fact that you could not complete any of the steps in your post to The HJT Help Forum; where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

I was surfing the web today and I believe I clicked on a pop up by mistake when I shouldn't have. Avira then blew up with Malware alerts and I knew I had a problem...

I did a virus scan and it removed the detections found but when I did a restart they were back again. Also, the virus seems to move itself around to other .exe files. I found it had infected moviemaker.exe so I manually deleted the file as I don't need it but as soon as I emptied my recycle bin the moviemaker.exe file returned back to its original folder.

I'm afraid something really nasty has infected me. Avira is detecting it as a W32/Infector.Gen2 and Malwarebytes is detecting 2 Malware.Packer.Gen files.

I went through the Read Me First steps on this site and performed everything it asked. However, I was unable to uninstall my previous JAVA (ver 19) and was not able to install the newest version of JAVA. Both gave me errors that the installation program wasn't working.

I'm attaching the logs here. Can anyone help me get rid of whatever is infecting my machine? I would really appreciate the help!

Hi, I'm suddenly having a lot of trouble with malware. My computer seemed to be running okay but I ran Malwarebytes as I occasionally do, and it picked up a fair amount of malware on my system. I deleted it and rebooted, but that's when my problems really began. Upon restarting, my internet connection has become almost unusable. It's extremely slow and generally I can't even open a page that I want after trying to refresh several times. Oddly though, google is working perfectly and a few other sites seem to work too, including this one. I've tried running MBAM again and again, each time it picks up more malware and I remove it, then reboot and the cycle renews. I can't seem to get rid of all of it, every time I scan my system there's just more of it. I've tried ComboFix but it doesn't seem to have done anything. One persistent thing seems to be photo_id.exe, I've got a few messages from MBAM saying it can't be removed and I need to reboot. Also, I've noticed that if I'm trying to reach a webpage, although it won't load there seems to be some redirecting, for example I just tried to reach a wikipedia page and it says "The server at topsearchfeed.com is taking too long to respond".

For some reason I can't bloody format this properly no matter how hard I try, so here's an attached HJT log:

Answer: Malware removal attempt led to unusable internet, still can't remove all malware

Problem has become more serious, now my mother has told me that the internet on her laptop is also extremely slow and essentially unusable. I'm worried that something from my computer has got on to hers via the wireless network we're both connected to. Somebody please help me.

Malware sucks. In the best-case scenario, it craps up your system with unwanted files and occasionally makes itself known in the form of a persistent pop-up window or annoying browser-based toolbar. In the worst-case scenario, malware completely takes over your desktop or laptop and ruins your life.

Your system slows to a crawl. You can’t even boot into Windows in the time it takes you to walk to the kitchen and back. Your data gets sent off to a faraway Internet land or, worse, your actual keystrokes are recorded for some unsavory individual to see. Malware locks down your browser, making you unable to actually do any browsing without being carted off to some bogus domain. You can barely run a program in Windows without getting bombarded by fake advertisements, programs, and dancing people on your desktop.

We can’t make this stuff up.

So what’s a computer enthusiast to do? Step zero: Read this guide, because we’re going to walk you through all the key details you need to know to both rid your computer of this junk and keep it free of downloaded nasties forevermore.

Read more at: Maximum PC | Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Answer: Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Most excellent reading, thanks for posting for all to see. I, myself, use most all of these myself, the only paid program I have is malwarebytes, the rest are free add ons or are free programs. Thanks.

Dell m1330 Vista home premium. I have malware issues, frequent memory dumps, google redirection and something is preventing me from running or installing anti-malware programs. I had to install malwarebytes using the rename method, but the program will not run in safe mode or normal. I had spybot previously installed but I was also prevented from opening, so I tried reinstalling, but before it can complete the installation I get the blue screen of death memory dump! Before reading the procedure I ran coolweb, kill2me, windows defender and windows malicious software tool. None of the programs found anything. I also performed a couple system restores, but both failed.

Should I continue with the cleaning procedure (combofix), or does anyone know how I can get malwarebytes and spybot to run?

Please find attached the logs from the scans in the Windows XP Cleaning Procedures. I followed the Cleaning Procedures but still have a problem. The problems can be pinpointed to yesterday when I surfed to a web site without having an up-to-date Anti-Virus definition files. Before I knew it, I had an infected machine.
There seems to be 2 problems.

Windows File Protection
Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files. Insert your Windows XP Profession CD2 now.

I have Dell OEM Windows XP Media Center 2005 installed on my Dell Dimension 5150/E510. Problem is, Dell has a Windows XP re-installation CD but Dell states there is no 'CD2'.

(2) I keep getting pop ups every time Internet Explorer is open. The pop ups occur on their own.

Hopeful you can help me to fix the problem.
Thanks,
Ankur

p.s. Please note, the AVG Anti-spyware log is not attached because it was not generated by the tool. I scanned my computer using Trend Micro (after updating virus definition files) and I can provide the logs if you need.

Answer: Malware problem not fixed with Malware Removal instructions

Welcome to Major Geeks!

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

Extract avenger.exe from the Zip file and save it to your desktop
Run avenger.exe by double-clicking on it.
Check the 'Input script manually' box.
Click on the magnifying glass icon.
Copy everything in the Quote box below, and paste it in the box that opens:

Files to delete:
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\mlljg.exe
C:\WINDOWS\system3...

Had a machine in riddle with viruses which we duly cleaned up and removed without incident. Uninstalled the applications one at a time, restarting each time it was required and all was good.

After removing the last app (dont ask me which one it was I cant rememebr) the machine no longer starts.

It's boot cycling but once we disable automatic restart on system failure it brings up a STOP 24 error.

Have booted to puppy linux and examined the hard drive (which is SATA btw) and the data seems intact so we can assume, physically at least, that the drive is good.

Booting to an XP CD and attempting to access the recovery console to run chkdsk /r and it appears the drive is either not detected or is empty (the latter we know not to be the case)

Boot to an XP CD to attempt a repair install and it tells me there is no hard drive present.

Check the BIOS and the drive is detected properly. Swap the hard drive for a SATA CD and it detects the CD without issue, which makes me think the SATA controller must be functioning too.

Now it seems that this single disk system has some kind of RAID configured on it according to the boot screens. My next step would be to remove the RAID but I'm concerned it might format the drive. Is this likely? It has an ASUS A8R-MX/S motherboard but the info I get from their site is a little vague.

Am I on the right track with the RAID thing or way off base? Help me folks, it's driving me nuts.

Hi, I got infected because I was trying to run Malwarebytes and it skipped the part of analysing the files; it ended in around 1 minute in a full scan, and I tried to download Dr.Web CureIt, and it doesn't allow me. The computer seems fine, but those things are very strange, and when I was running the scan I was in safe mode...

thanks for the help

Answer: Malware infected, malware removal tools useless

Greetings samidelcueva and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter pro...

Hi. I am trying to diagnose a problematic laptop for a friend. I don't know the details of what happened to cause the problems. The main problem I can detect is that the laptop is EXTREMELY slow. It seems like anything I try has a delayed response (even a simple mouse click). I followed the Malware Removal Guide, but was only able to run two of the five suggested tools as follows:

1) SUPERAntiSpyware - I ran this after manually updating the definition files on the version already installed and the scan found nothing.

2) Malwarebytes Anti-Malware - I was not able to update the definition files for the current version installed. After several attempts to uninstall this (via the Control Panel), I was able to do it via CCleaner. However, I was not able to re-install a more recent version due to problems with the Windows Installer service. After uninstalling an outdated version of Java (Update 14) via the Control Panel, I have not been able to install/uninstall any more programs.

2) combofix.exe - not compatible with 64-bit OS

3) RootRepeal - did not run on 64-bit OS

4) MGtools - did run; kept getting errors, but continued to completion

I am not seeing any malware in those logs. I do not know why MalwareBytes would not run, are you able to run it in safe mode? How does the PC behave when you use safe mode?

More than likely I think I will be sending you off to the software forum.

We can do this:

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

HEY GEEKS NEED A LITTLE HELP. I HAVE A WINANTIVIRUS POP UP THAT COMES UP EVERY TIME I AM ON THE NET, AFTER U X IT OUT 5 TO 6 OTHER POP-UPS COME UP ABOUT A VIRUS. I AM RUNNING AVG EVERY MORNING, SPYBOT SEARCH AND DESTROY, AD-WARE 6.0. HERE IS A HIJACK THIS LOG FILE TELL ME WHAT TO GET RID OF PLZ.

EDIT: Removed inline HJT log

THANKS

DOOKIE

Answer: winantivirus removal, malware removal

Hi and Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

Run this first

Virtumonde aka Trojan Vundo Removal - some people also refer to this as WinFixer

Then run the below and attach the requested logs for the malware experts to look over.

Run ALL the steps in this Sticky thread: READ & RUN ME FIRST Before Asking for Support

Make sure you check version numbers and get all updates.

Very Important: Make sure you tell us the results from running the tutorial... was anything found? Were you unable to complete any of the scans?... Were you unable to download any of the tools?... Did you do the on-line scans as suggested? etc.

If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log: Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.

When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

* runkeys.txt - the log from GetRunKey.bat
* newfiles.txt - the log from ShowNew.bat
* CounterSpy - ONLY IF you were not a...

What I'm trying to understand is what kind of malware infected the web site I visited. Some technical specs could be useful. The web site belongs to a friend of mine and I'd like to help them identify the malware that infected their web site...

* Scroll down to "Non-plug and Play Drivers" and click the plus icon to open those drivers.
* Then search for TDSSserv.sys
* Let me know if you find this or not.
* If you do find it, right click on it, and select Disable. Do not try to uninstall it.
* Also if this is found and you disable it, then reboot and see if you can run the cleaning procedure and attach the requested logs.

but the device mentioned is not present (although there are a few that have error "!" things next to them, but 30 or so others).

Have no idea if any of this will help you lovely helper person, but I guess I'm just trying...

Hi. Thanks for this. I need to first tell you that I don't even know how to generate the logs everyone posts here for troubleshooting. I'm sorry. Maybe someone could tell me how, then I will.

Because my laptop wouldn't even boot to the O/S last week, DELL's tech support helped me move files, reformat and reinstall the OS. I reinstalled McAfee. A security tool warning popped up. I knew it was rogue; I came here and got rid of it using mbam and process explorer - very easy. Or I thought I did. On my daughter's desktop this morning, there were 3 porn shortcut links ON HER DESKTOP!!!! There was also a link to "Active Security" - trying to figure out wtf this was, it turns out it was another rogue. Awesome. It at least had an uninstall on Add/Remove programs... but obviously it is not gone, if that is even the cause of all this... Thinking MBAM would be a logical quick fix, I figured I would try that. My Mbam won't load - I have reinstalled and it - it reinstalls and then when I try to quick scan it says I don't have permissions and then I can't even open it again. I can reinstall, then it is hijacked when I try to scan. My McAfee won't scan either so both are being hijacked and I also am having the same browser redirects as others when clicking on sites from search results. McAfee can't even fix itself. In safe mode, McAfee tells me the truth at least that it is not working (in regular mode it poses like everything is...

Answer: Ugh - Malware Removal Tools Disabled by Malware

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

About a week ago, I noticed that when running Internet Explorer www.google.com that clicking on a website would take me to an ad instead of the website. If I clicked back and clicked on the website again, it would correctly go to the website.

A day or two before noticing this issue I had upgraded to AVG 8.0 Free and had installed the latest Firefox version.

I am running a Windows XP Professional SP2, Intel Pentium 2.8 GHz.

I ran the instructions at forums.majorgeeks.com/showthread.php?t=35407 and am still experiencing the same issue as described above.

Any help would be greatly appreciated! This is the first forum I've ever posted to so be patient!

Have got a strange one, where have attempted to remove XP antispyware 2009 using malware antimalwarebytes. Looks to have been partly successful - but have got something else interfering. Frequently have pages on IE as "not found".

Have posted HJThis log and Malware Antimalwarebytes log below. Thanks for any assistance.

When I try to run a scan using AVG anti-virus, Avira, Windows Defender, or SuperAntiSpyware, when the scan gets to a certain point, Windows shuts the computer down with a blue window. It says Kernel_Stack_Inpage_Error plus some standard verbiage about if you recently installed software/hardware, see administrator, etc. At bottom it says: STOP: 0x00000077 (0x00000001, 0x00000000, 0x00000000, 0xF79B1D24). I could sometimes run AVG scan in "select drives/folders" mode but recently it quit allowing that after I upgraded to AVG 9 (free). I uninstalled AVG and went to Avira but with same results. Scanning with Windows Defender did the same. I recently installed and ran SuperAntiSpyware and was able to pinpoint the problem to the "System Volume Information" directory. I am unable to open it to see contents as Windows shows no files in it. When I ask Avira to scan it, Avira says no files also, but if I use AntiSpyware to scan, it shows many files during its scan but will get to a certain point and the computer will shut down. I can almost see the file that shuts it down but it happens too fast to catch it. I was able to run "RootRepeal" and log is below. I was not able to run "DDS.scr".

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

My computer recently became infected. At first, my taskmanager and regedit were locked. Next, my desktop background was locked. I fixed these problems, but continue to be bombarded with malware in my running processes which regenerate upon rebooting. Eventually, I could not startup Windows. Once the Windows loading page was finished, my computer would restart. I upgraded to XP Pro, can now log on, but still have malware. Please help! Thanks for your time!

Answer: completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have malware


I have followed recommended protocols to successfully remove the "Trovi" malware from my computer. But have one minor problem. The virus removal programs successfully removed the malware programs, as the program no longer runs on my computer. But the malware appears to have left code in the Windows startup directing the computer to run files which are now no longer present on my computer. Problem is that this causes the following Windows popup box "Run DLL" to come up, before any other Windows startup programs run.

The pop-up box contains the following wording:

"There was a problem starting
C:\Users\LESTER\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
The specified module could not be found."

Does anyone have any suggestions on how to get rid of the code lines in startup that lead to the popup box, so that it will no longer occur at computer startup?

So I got infected with this virus/malware MS Removal Tool. Things that I noticed: it created a file nvpcpl.dll, hid all my D drive files and removed 90% of the items from the Start > All Programs menu. I ran through all the scans but still can't seem to get the programs in the All Programs menu back. Attached are my clean scans in the order recommended. Just as an FYI, C: is my primary drive, D: stores all documents/pictures/music, F: is the external hard drive. Thanks for the help.

Answer: Malware removal help - MS Removal

Things that I noticed: it created a file nvpcpl.dll

See this link: About nvpcpl.dll. You do not have McAfee installed and I am not seeing the file in your logs. Do you still see it? If so give me the full file path. But you also have NvCpl.dll running which relates to Nvidia which IS installed.

Download and run OTM.

Download OTM by Old Timer and save it to your Desktop.

Right-click OTM.exe and select "Run as administrator" to run it. Paste the following code under the area. Do not include the word Code.

Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste. Push the large button. OTM may ask to reboot the machine. Please do so if asked.

Copy everything in the Results window (under the green bar), and paste it into notepad, save it as something appropriate and attach it into your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file prese...

I managed to pick up the latest Personal Shield Pro Malware and have so far spent the best part of two days trying to sort out my PC.

So far I have managed to get the malware to think I have paid for it so it doesn't keep popping up. I have run malwarebytes and AVG (for good measure).

My initial problem was that I only had a black screen with a flashing _ top left but, eventually, managed to boot from the XP CD. With this forum's help I have managed to get to the recovery mode and now I am completely lost.

Any help would be sooooooo much appreciated.

Mot44

Answer: Malware removal

Hi Forum

I'm not sure how to let you know I have decided to call in an expert to sort out my PC as I use it for work.

Hope this post is the right thing to do.

Great site and really appreciate that people give their time voluntarily so really needed to let you know.

How do I remove malware named "Best Malware" that was deposited onto one of our computers? I know that there are downloadable software packages but I don't want to interfere with McAfee Total Protection.

Edit: Moved topic from Win 7 to the more appropriate forum. ~ Animal

Answer: malware removal

Hello and welcome.

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.

Reboot into Safe Mode with Networking: How to start Windows 7 in Safe Mode

>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1, Link 2, Link 3, Link 4

Before we begin, you should disable the anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.

Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator.)

A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed. If nothing happens or if the tool does not run, please let me know in your next reply.

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.

If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead...

Hi, Having malware again in a computer we cleaned about 7 or 8 months ago. New operator now. Maybe something was missed? or sabotage. We have been having voices and pop-ups for installing Flash player. Web pages turning into porn pages.

I did the READ ME FIRST thread and the log files are attached.

We are running Windows 10 pro.

Thanks,

Jim

Answer: Need Help With Malware Removal

jallenaz said:

Hi, Having malware again in a computer we cleaned about 7 or 8 months ago. New operator now. Maybe something was missed?

7 to 8 months is more than enough time for people to reinfect a computer. Many people can reinfect a computer in 10 minutes especially if they do not follow safe surfing procedures.

Hey everyone, thanks for your time. I've run AdAware, Stinger, Spybot, Panda, and AVG; I am convinced that malware is still lurking in my computer. One particular example is cyj.exe. Today it has morphed into kuji.exe and is dropping icons onto my desktop. I'm new at this, so if I missed something, let me know. Here's a hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 9:34:25 AM, on 6/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7...

Answer: Malware removal

Hello anaximander and welcome to the BC forums.

After reviewing your log I see that you are running msconfig in /auto mode which means that you may have selectively removed some items in the past from the startup procedure. This can hide malware from us when we are performing a fix, so we would like you to reenable those startup entries by doing the following:

Please click on Start, then Run, and type msconfig and then press Enter. When the window opens you should be on the General tab. Click on the Normal Startup item. Then press ok until you are out of the program. It will ask you to reboot so reboot normally.

Now please create a new Hijackthis Log and post it here as a reply. I will review it when it comes in.

OT

In the past week or two my computer has been getting slower and slower and slower. I have noticed a process named "ctalogd.exe", within the task manager window, googled it and found it to be some sort of malware. I noticed that HiJackThis is a common tool used for you to help us, so I have downloaded it and will be patiently waiting for instruction.

I have avg and counterspy but this process is left undetected. Help would be much appreciated with this removal process. Please advise. Thanks!

Answer: Malware Removal?

Are you using Cisco Systems? ctalogd.exe is related to the Cisco certification agency agreements service process and installed in this path:

C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe

Anytime you come across a suspicious file, search the name using Google or the following links:

* BC's File Database
* BC's Startup Programs Database
* File Research Center
* ThreatExpert Malware Search

If no search results are found, you are given the option to "Submit a New Sample".

Determining whether a file is malware or a legitimate process sometimes depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location on your computer. A file's properties may give a clue to identifying it. Right-click on the file, Properties and examine the General and Version tabs.

If you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

Post back with the results of the file analysis.
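The name-versus-location check described in this answer, applied to the "Running processes" section of a HijackThis log, as an added example that is not part of the original thread or any forum tool. The sample log is constructed, and the expected-directory table and the `PROGRA~1` alias mapping are illustrative assumptions.

```python
import ntpath
import re

# Directories in which these file names are expected (Windows XP-era layout).
# The ctalogd.exe entry is the path quoted in the answer above; the others are
# standard Windows locations. Illustrative table, not an exhaustive allowlist.
EXPECTED_DIRS = {
    "smss.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "lsass.exe": {r"c:\windows\system32"},
    "svchost.exe": {r"c:\windows\system32"},
    "spoolsv.exe": {r"c:\windows\system32"},
    "ctfmon.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
    "ctalogd.exe": {r"c:\program files\cisco systems\ciscotrustagent"},
}

# Assumption: the default 8.3 alias for "Program Files" on the system drive.
SHORT_ALIASES = {r"c:\progra~1": r"c:\program files"}

# Constructed sample in the layout of a HijackThis log (not taken from the page).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\ctfmon .exe
C:\PROGRA~1\Cisco Systems\CiscoTrustAgent\ctalogd.exe
C:\Documents and Settings\Owner\Local Settings\Temp\ctalogd.exe
C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [Example] C:\Example\example.exe
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_running_processes(log_text):
    """Return the paths listed under 'Running processes:' in a HijackThis log."""
    paths, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_section = True
            continue
        if not in_section:
            continue
        if PATH_RE.match(line):
            paths.append(line)
        elif paths:
            break  # a blank line or a registry entry ends the section
    return paths


def normalise_dir(directory):
    """Lower-case a Windows directory and expand known 8.3 aliases."""
    d = ntpath.normcase(ntpath.normpath(directory))
    for short, full in SHORT_ALIASES.items():
        if d == short or d.startswith(short + "\\"):
            d = full + d[len(short):]
    return d


def classify(path):
    """Compare a process path with the directory expected for its file name."""
    directory, name = ntpath.split(path)
    name_l = name.lower()
    compact = "".join(name_l.split())
    # A known name with whitespace inserted (e.g. "ctfmon .exe") is a different
    # file that merely reads like the real one in a process list.
    if compact != name_l and compact in EXPECTED_DIRS:
        return "padded-name"
    if name_l not in EXPECTED_DIRS:
        return "unlisted"  # no baseline: research the name as the answer says
    if normalise_dir(directory) in EXPECTED_DIRS[name_l]:
        return "expected-path"
    return "unexpected-path"


def review(log_text):
    """Return (path, verdict) for every process that deserves a closer look."""
    flagged = []
    for path in parse_running_processes(log_text):
        verdict = classify(path)
        if verdict in ("unexpected-path", "padded-name"):
            flagged.append((path, verdict))
    return flagged


if __name__ == "__main__":
    for path, verdict in review(SAMPLE_LOG):
        print(f"{verdict:16} {path}")
```

An `expected-path` verdict only clears the name check; the file-properties review and the second-opinion scan mentioned in the answer still apply.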

*Other than the tools our guide instructed you to save there, I strongly recommend that you clean up this account's Desktop immediately leaving only shortcut links. [ C:\Users\Integrity\Desktop ] Do not store downloads, exe files, iso files....etc on your Desktop. First it is not a safe place to keep them (i.e., you may lose them due to malware, and a cluttered Desktop is an easy hiding place for malware), and last but not least - it can have an effect on your PC's performance.

Ignore all other detections.
Afterwards, click the Next button.
HitmanPro may want to reboot the PC in order for the changes to take effect, please do so.
After reboot and when you are back in Windows, run another scan with HitmanPro and then attach the latest HitmanPro log

Please re-run RogueKiller and run a scan. After it finishes the scan, select the Registry tab and then select any of the below that exist and then click the Delete button.

Computer has been slow for a while but I have really just started troubleshooting. I have done your steps in Read and run first and attached logs. I was unable to complete RogueKiller - It kept freezing. For some reason I am unable to attach malwarebytes log. (because it is not an allowed extension. it is an .xml file???) At this time computer still works the same. It works but just slowly. Thanks for your help

Answer: I Need Help With Malware Removal

Hi there lisalisa.

You need to follow the instructions again carefully for uploading the correct Malware Bytes log. What you have attached is unreadable. You can run RogueKiller in safe mode... see if it works that way.

I have Vista 64-bit Asus computer. Upon start-up it is missing two .dll files that I know are malware of some sort, but it is constantly slowing the computer down and when you try to search in google it takes you to an entirely different page than it should have. There is a teenage boy in the house who probably was looking at some things he shouldn't have.

The names of the .dll it is missing are: ecinibekepem.dll and cnd3101a.dll. Some other errors that have popped up involve scanidiskdv31.dll ecload77.dll and nvcpldaemon.dll.

Your assistance in helping me fix this would be fantastic. As I am very grateful with any assistance you can give me. Thank you so much in advance.

Answer: Malware removal help

Hello Naomi0709 and welcome to the forums

I am currently doing a malware removal course so I will be unable to assist you with the malware removal itself. But I can help diagnose the problem to make it easier for other users to assist you. Can you do the following for me please?

OTL

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

:\_OTL\MovedFiles
in most cases this will be C:\_OTL\MovedFiles

aswMBR

Please close any open work because sometimes this will cause a BSOD.
Download aswMBR from here and save it to your desktop.
Right click on it and select run as administrator.
When it opens, click ...

Hello. First time submitter. I'm experiencing periods of total internet slowdown for this one machine in my house (other devices are experiencing no such slowdown). Machine is not under heavy cpu or mem usage. Browser, ftp, dropbox all slow to a crawl at random times. I'm unable to find a common thread.

Welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

Please delete ComboFix from your desktop if it is still there and download and run this one.

Please download ComboFix from BleepingComputer.com
Alternate link: GeeksToGo.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.

Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel

As part of its process, ComboFix will check to see if the Micro...

It's been a while since I have been here!! Read me first is done and I am up to step 4 of your cleaning thread.

Story - daughter's brand new laptop, not sure how she's done it but seems to be full of some sort of malware. Running very slow, popup ads, lots of warnings etc.

A few programs won't uninstall at all which I have since found to be malware of sorts. DNS Unlocker, Crimewatch, SuperOptimizer plus a few others that just won't uninstall.

The Malware bytes log is empty - I downloaded and ran it last night before coming here. There was close to 200 items on it. Should have come here first but didn't think of that till today
MGtools - I successfully downloaded it but I couldn't get it to run all the way through even after reading the thread about running it. It kept saying access denied. UAC has been disabled, it did not give me any options about running as administrator.
TDSSKiller came back clean.

I also was not given options at all to save to desktop for any of the downloaded programs

Please let me know if there is anything else you need to know.

Thank you

Answer: Malware Removal - Please Help

MGtools - I successfully downloaded it but I couldn't get it to run all the way through even after reading the thread about running it. It kept saying access denied. UAC has been disabled, it did not give me any options about running as administrator.

Try running it again, ensuring that antivirus software is disabled, and you can indeed right click and run as admin. Failing this, reboot into safe mode and try and get it to run that way. It's one of the most important logs containing a lot of info.

Re-run Hitman Pro, activate/enable the free trial, and then have it remove all that it finds, EXCEPT for 'Suspicious files'. They are fine.
Give Malware Bytes a rerun, let it quarantine anything else it may find.
Fix items using RogueKiller.

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/419044 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Answer:Malware Removal

Hello again! I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic. If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message. Thank you for using Bleeping Computer, and have a great day!

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

Please run the following tools in the order listed.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan.
Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please Download TDSSKiller.zip
>>> Double-click on TDSSKiller.exe to run the application.
Click on the Start Scan button and wait for the scan and disinfection process to be over.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
If you are asked to reboot the computer to complete the process, click on the Reboot Now button.
A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please c...

Hi, I went through the steps and I am still having issues. There is still multiple pop-ups and ads being spammed at me whenever I use any browser. I followed the steps including the junkremover for browser hijacking and this is still occurring.
It has been happening for the past 3 days when my girlfriend brought her computer from work home to work at home. She tried to download software she needed for work from a source that was less than legit.

I was unable to upload the hitmanpro log as it exceeded the maximum allowed file size.

Also, the correct malwarebytes log did not make it to my flash drive, so I will have to retrieve the copy and upload it later tonight.

Answer:malware removal help

Zip the Hitman log or split it into two parts and attach it that way. Also attach the MBAM log.

Hello, attempting to clean up a friend's pretty badly infected computer. Ran the Readme and Run me, and things appear to have cleared up, but I just wanted to make sure there were no residual infections that are not exhibiting any obvious symptoms since there were MANY instances of infections found during the scans. The scan logs are all attached, thank you in advance for your help!

Answer:Malware Removal Help

Couldn't fit the ComboFix log in my first post, attached it to this one.

Attached is the log. I was able to take all of the recommended steps other than updating Java. We are unable to connect to the internet through our desktop home computer. We have Zone Alarm on our home computer but it was not updating properly. In addition, when typing in an internet address, it would sometimes take us to google images instead of the website address I had typed in on the URL. After a couple of tries, I could get to the website I wanted. Shortly after the misdirection problem started, the internet stopped working - I would get a "cannot connect/webpage unavailable" message from Internet Explorer. The computer runs on Windows Vista. We called our ISP - they tested the connection and it appeared to be fine (and other computers using the wireless network at home have no trouble connecting). We also tried installing Firefox thinking there was a problem with Internet Explorer but it didn't help. Zone Alarm has been unable to help us. Any suggestions for us? Thank you very much for any help. [attachment deleted by admin]

Answer:Malware Removal Help

Out of curiosity, why did you post this as a PDF file and not a text file? Any chance you can post this as a Notepad file instead? It would make it MUCH easier to work with. And how about SAS and MBAM logs?

Hi, I have the obrona adware virus / malware. Malwarebytes detects it, says it's removed it, and restarts, but it actually hasn't removed it, as it keeps popping up with (x86)\Wmakinsting\Wmakinsting.exe. I am very technical and even I am stumped at this. Any help would be massively appreciated. Thanks, Nathan

Answer:Help With Malware Removal Please :(

Hello there

I'm LighthouseParty and I'll be assisting you with your concern today. Let's run a couple of scans to see what could be causing this.

Install and run a scan with Malwarebytes Anti-Malware
Click here to download Malwarebytes to your desktop.
Double click mbam-setup-x.x.x.xxxx and follow the on-screen instructions.
On the dashboard, click update now.
After that, click scan now - the scan will now begin.
When the scan's completed, select apply actions - make sure the action is quarantine.
Restart your computer.

How to get the log.
On the dashboard, select the history tab and click application logs.
Select the log which has the time and date of when you did the scan.
Click copy to clipboard and paste it into your reply.

Download Security Check
Click here to download Security Check to your desktop.
Double click SecurityCheck and follow the on-screen instructions.
A log should open, called checkup.txt. Please post the contents of it in your next reply.

Thanks and good luck!

I am using a Win 7 64bit laptop. My Norton 360 expired last month and only now I renewed it. Before I renewed it, my computer started showing malware activities. My AdBlock did not work, audio plays (either online or offline) did not give sounds after about a minute, downloaded unintentional programs etc. I ran a full scan from Norton 360 but I still have those issues.
Thank you.

Answer:Malware Removal

Hello, YACwade

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide

and then attach the requested logs to your next reply when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.
After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!

Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes, you could use a flash drive too, but flash drives are writeable and infections can spread to them. If you cannot seem to login to an infected user account, try using a diffe...

Hello! I could really use some help with removing a virus I've got on my computer. I hear audio ads playing in the background even with nothing running, and there is often a ghost iexplorer.exe process running in my task manager. Furthermore, search engines redirect me to random sites and internet randomly restarts (not sure if that's strictly related though). Thank you for any help you can get me. Here are the logs from dds, and I'll also attach the other part. And yeah, I know I need to update ESET but I want to get rid of this virus first.

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Alex at 20:29:17 on 2011-11-03
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.2370 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32...

Answer:Need help with malware removal

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the runn...

Hello, In the past few weeks Norton Internet Security 2010 has been reporting repeated attacks from remote IP addresses nearly every 10 seconds while my computer was connected to the internet. In the past couple of days my computer has slowed down enormously and norton no longer detects anything wrong with my computer during scans. CPU usage is between 90-100 at all times. Way too many svshst executables are running (between 5-10). When I try to end these processes a dialog box comes up and says access is denied. Windows Unlocker can't do anything about it. Yesterday while trying to end the processes the famous dialog box with 60 seconds on the timer before the computer will be forced to shut down showed up, so I assume I have a rootkit. When I tried to attach my hijack this file I was unable to - the window refreshed and reported that the connection had been reset. This occurred 5 times in a row so I am assuming that is abnormal as well. I had to go to another computer to be able to attach the file. Thank you in advance for your help!!!!

Answer:malware removal/hjt log

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool. The ap...

I have run all 5 scans that your Malware removal page lists. I can't find the RKreport[1].txt file. You said to run each thing only once. How can I get the report to you for Rogue Killer?

I started having trouble 2 days ago when I received a notification to update myplayer. I guess I thought it was for my media player but that's when all this other stuff came with it & my computer is so slow along with pop ups & even whole page pop ups.

Hope this helps you help me. I'm lost!!!

Thank you

Answer:Malware removal

Welcome to MajorGeeks!

Run RogueKiller again - after clicking Scan and it has completed, click on Report for the RKreport_SCN_09132014_xxxxx.log to be opened. That is the log we want attached. (Copy & Paste it into Notepad > save to your Desktop to easily find it again)

C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\hp???.tmp FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\1024\ FOUND !

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

I scanned my pc and found out that it is infected with allure. My microsoft security essential asked me to download windows defender in order to remove it. After running windows defender offline, it didn't find any viruses but as soon as I go into regular mode, the virus shows up on MSE. What other options do I have?

To whom it may concern, the following 3 logs are in order to request malware removal help. I accidentally made 2 posts because I couldn't until now figure out how to add to an existing one. My computer is messed up to the point that I can't even read all of the info on web pages. I'm sorry and I'm going to attempt to delete the other topic. Thanks, Linda [attachment deleted by admin]

Answer:malware removal

Read this before requesting malware removal help. Did you not follow the instructions in the top post (as above) on this page? harry

I was recently infected with dropper.agent.dgo, I ran combofix.exe and got rid of all the pos___.tmp files. However, I think my registry may be infected because I don't have a clean feeling whenever I use my computer, it seems slow. Also, I tried to boot my computer in safe mode earlier, it stopped loading the files and the screen went blank. Here is my HJT log. Please tell me if I am clean or what recommended anti malware programs to use. I have already tried AntiVir (Great)
AVG 7.5 (OK)
AVG Anti-Spyware (OK/Great)
Avast! (OK)
SpyDoctor...? (Terrible)

I need something to have a great updated scanner and I am willing to pay for the protection, all recommendations and help are appreciated, thank you.

Your assessments of the various malware removal programs are in agreement with our own. I see that you have Viewpoint and Weatherbug both installed on your computer. Both bring malware into the computer. My recommendation is that you work through the READ & RUN ME FIRST, skipping any of the steps you've already done and attach the requested logs when you're finished. HijackThis doesn't give us a very good picture of what's going on in your computer.

Can I beg for help from this discontinued thread. I don't know why your man abandoned our attempt, but I had done all up to running the scan for viruses online. It would not run, so I had asked for a link to another such program than ESET - (I believe?)

I actually wrote that I may not have any problem beyond the confusion caused by Win10 enabling BOTH IE, and EDGE.

This is the prior thread, must I copy and paste it all separately? http://www.bleepingcomputer.com/forums/t/595283/am-i-infected-my-first-post-here/

Thanks much, Patrick

Answer:Malware Removal

PADRAEG:
No need to copy your previous threads. The link works fine.

"Your man" did not "abandon" you. Buddy215 advised you to post the appropriate log files in the Virus/Trojan/Spyware and Malware Removal Logs Forum (his post here). Forum rules prohibit the posting of FRST, OTL, Zoek, etc., logs files in this Forum. Buddy215 obviously concluded that you needed advanced malware analysis and removal.

Please follow his advice and post there. Be advised that the "... Removal Logs" Forum is very busy. It can take up to five days to get an initial response. Please do not bump your post or the members of the Malware Response Team might think that your topic is being handled. I know that being patient when your computer is not working correctly is very frustrating, but our MRT members are all volunteers and they are very, very busy. You will get help.

Have a great day.
Regards,
-Phil

I've started the Read & Run Me First malware removal guide. I've attached the results for the counterspy scan, activescan, and runkeys. I've run bit defender several times, but the window doesn't stay open afterwards for me to be able to get a report.

I'm doing this Read & Run Me First malware removal guide as a first step to getting rid of j?vaw.exe, a program that keeps popping up every time I turn on my machine. It comes up on my Symantec Antivirus and I have to reboot every time in order to delete it, but it never really deletes. Is this a good way to go about eventually getting rid of this? Also, once I've downloaded counterspy, is it recommended that I have it as part of the start up so that it is always on my system tray?

My machine is a hp pavilion ze4800 laptop. It has 768 MB of RAM and a mobile AMD Athlon(tm) XP2800+ 2.12 GHz processor.

More Questions:
How many processes is it normal to have running? In my Windows task manager, I have about 70 running. Also, the names of all the processes running are not very descriptive, is there an easy way to determine which processes should be running and which ones are potentially harmful that I should remove?

Answer:Malware removal

Please re-run counterspy and have it fix/quarantine everything that it finds!

Then please follow: How to view hidden, system files & folders!

Download this file - Combofix.exe
Double click combofix.exe & follow the prompts.
When finished, it will produce a log for you. Attach this log to your next reply

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

I'm usually pretty good with virus and malware removal, but I have a doozy on my hands.

To make a long story short, I inadvertently trusted an executable and it has wreaked havoc on my home PC.

I have been working on it 2 days and have made progress but this is where I am.

My browser randomly redirects to sites I'm not going to when I use Google links and probably Yahoo, although I rarely use Yahoo.

I was using Symantec endpoint protection, but whatever was installed, pretty much ruined it. Full scans of my C: drive wouldn't fully scan. It only scanned about 1000 files and then said it was completed.

I have since tried to uninstall Symantec but it wouldn't uninstall fully.
I'm going to try another attempt to uninstall tonight.

But that isn't the problem, I have run several malware programs including Hijack This, Root Repeal, Loaris Trojan remover, and deleted a bunch of garbage.

But..... Root Repeal found the following files which are hidden and invisible.

Hi there! I've gone through all the steps u recommended here. There were some slight problems during the process, mainly after running quick scan with anti-malware and rebooting as recommended, the system crashed, and have to do a restore to boot. After that I run cc cleaner again, and malware again (SAS hadn't found anything earlier, therefore I skipped to run it again). In that run, malware stated -finally- everything as clean. However AVG keeps sending alerts about Packed.Protector.C in atapi.sys. (The system itself is already looking much more healthier, thanks) I'll try to attach all the logs I've created during the process. Thx in advance [Saving space, attachment deleted by admin]

Answer:Malware removal help

Never mind! I've read everything here, using the self helping methods (your analyzer tool as well), and combofix (great scripts) and my pc is clean. Thx for the great posts and itineraries

Hello klemak and welcome to Computer Hope Forum. My name is Superdave but you can just call me SD. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.
Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.
Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.
Exit out of MessengerDisable then delete the two files that were put on the desktop.

Open HijackThis and select Do a system scan only
Place a check mark next to the following entries: (if there)
O2 - BHO: (no name) - {7E853D72-626A-48...

have tried steps 1-8 in "preparation guide", none of the steps seem to have worked as described. for example dd.scr is being called infected by the malware on my machine and its execution is being blocked. likewise with defogger and firewall settings. is there another way or perhaps stronger software? the infected machine has been isolated from network and internet connections (unplugged)
OS: Windows XP Pro, version unknown and not accessible due to malware control of machine
malware points to "ANTIVIR Solution Pro"
any help will be welcome
thank you
ikan

Answer:malware ? removal ?

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool. The ap...

Hi. I think Symantec is not doing the job it is supposed to. It is up to date but did not find any of the files the programs you suggested in the Malware Removal Guide. I am submitting the files requested for your review. Any and all help removing the viruses and malware from my computer would be GREATLY appreciated. Thank you for all your help.
Tsagi

CCLEANER:
ANALYSIS COMPLETE - (0.123 secs)
------------------------------------------------------------------------------------------
0.30MB to be removed. (Approximate size)
------------------------------------------------------------------------------------------
Details of files to be deleted (Note: No files have been deleted yet)
------------------------------------------------------------------------------------------
IE Temporary Internet Files (29 files) 0.23MB
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt 340 bytes
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt 101 bytes
C:\Documents and Settings\HP_Administrator\Recent\CCleaner log 4 16 2009.lnk 837 bytes
C:\Documents and Settings\HP_Administrator\Recent\Malware Forum Software.lnk 485 bytes
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\CmdLineExt03.dll 39.50KB
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\IadHide5.dll 24.04KB
------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.3...

Answer:Malware Removal Help

I have removed the attached files and copied them into the text..... Could I use ComboFix to Fix my computer? I don't really understand the results of Hijacker so I don't know if I have issues or not. Would any of these programs tell me if someone has physically installed spyware on this computer? Like tracking the keyboard clicks? Thank you.

My wife's computer seems completely f**ed. Started with endless pop-ups, redirects, dropping the internet. I've done the malware removal process. Couple of things. MBAB did not give me an option to save a log. It apparently DID quarantine a bunch of stuff. Second, MGTools seemed to be denied access many times. I'm running Win8, should I have tried to disable UAC? Also the MGzip log is in the MGTools folder. I'm going to attach it with the other logs I WAS able to get. But later in the instructions you say not to attach that log but one out of the MG.exe. I'm confused. Can't find the TDS log.

Hi guys

I'm new to the forums and I followed all of your guide to removing the malware, I have all the logs ready but I'll give you some background info first. I let my friend use my laptop while I was on vacation last month. I got it back and he said there was a lot of viruses on it. Download AVG and ran that and deleted what I could then came here and now turning to you guys for advice. After running AVG it still seemed like I had spyware and malware problems because almost every time I would click on a link to something it would redirect me to some weird search engine or an article not relating at all to what I searched. So I followed your guide step by step and here are the logs...

Malwarebytes' Anti-Malware 1.41
Database version: 3090
Windows 5.1.2600 Service Pack 3

11/2/2009 7:04:41 PM
mbam-log-2009-11-02 (19-04-41).txt

Scan type: Quick Scan
Objects scanned: 95234
Time elapsed: 5 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 2
Registry Values Infected: 8
Registry Data Items Infected: 5
Folders Infected: 1
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\rahuziti.dll (Trojan.Vundo.H) -> Delete on reboot.
\\?\globalroot\systemroot\system32\hjgruibyufoqov.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ca7654f9-4f26-43f5-b51a-a20648c4bc3f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURR...

Answer:help with malware removal

Welcome to Computer Hope, a specialist will be along, please be patient.

I have a problem on a friend's computer. I am usually pretty good at "rooting out" malware and recovering -- pun intended-- but unfortunately this one is beyond me. I was able to get AVAST installed on the machine and run a scan, but it crashed out when it got to what I believe is a rootkit. Although the malware blocked Avast eventually, Avast was able to schedule a scan on reboot... this scan successfully discovered and deleted the first two of the following three discoveries:

Min32:MalOB-EM [Cryp]
Java:Agent-KN[Expl]
Win32:Sirefef-O[Rtk]

I think Sirefef-O is the big problem; even on the reboot scan the computer crashed when deleting the infected Sirefef-O file. I also think it is hidden/buried in the RECYCLER part of the C:Drive.

The network and several services are disabled on the computer with the problem in both safemode with networking, and normal mode.

Malwarebytes, Avast, and HijackThis all run and were blocked upon discovery of the malware. I am no longer able to run, rename, copy, or delete these anti-malware files or the folders in which they reside. Even as Administrator, I do not have permission: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

I have run Defogger, dds.scr, and GMER as Administrator in safemode with networking... the log files are posted below.

Thank you for any assistance you can provide on this issue.

DDS (Ver_2011-08-...

Earlier this evening I visited an acquaintance's business website. Within seconds of arriving at the site, my Zone Alarm firewall began indicating that files were attempting access and I had numerous other security alerts pop up. My CPU fan started to fire up (which scares me because of a previous infection) and I shut down my computer immediately.

I told Malwarebytes to remove all the found/selected files and AVG to move the file to the Virus Vault.

Because I was concerned about files still hidden and regenerating upon restart, I decided to come to Major Geeks. I've gone through the Read & Run Me First steps and have attached the first 4 logs to this post (5th log to immediately follow). Although I didn't see any problems found in the scans and my CPU fan has since calmed, I want to run the logs by the expert team for peace of mind as I've relied upon Quarantines and the Virus Vault with (what I hope were) minor attacks over the past year or more. Would love to get an 'all clear' before proceeding.

Alright. I hope this is the right forum section to be posting under. If not, please feel free to move it. Onward!

I work at a bank in the IT department. We have roughly 150 PCs that we manage. Some of these PCs connect to a terminal server, others don't. However we have been having some issues lately with people getting loads of popups. I myself actually just ran into this issue today.

What is happening: A user will be using the internet and all of a sudden the entire page turns into one big link. So, no matter where or what you click it will open another window. Of course it's the usual popups stating that your computer is infected and call this number, blah blah blah. So, we then run Malwarebytes. It is pretty much guaranteed to find something. Usually it finds anywhere from 3-20 things. Some of these are PUPs, others are registry keys.

So, after running the scan and removing the bad files I tell them they should be good to go. It usually only lasts a day or two though before we get another call and they are telling us that they are infected again and getting popups. So, we repeat.

What is the deal? I have tried cleaning junk files and then scanning. No luck. The issue seems to happen with any site really. When it happened to me I was actually on this website haha. Other users have it happen from the Weather Channel's website. They were using Internet Explorer so we told them to switch to Chrome. That worked for a while but now the issue is h...

Answer:Malware Removal - Need Help

Sometimes it is as simple as emptying the browser's cache. In other cases adware is the culprit and its removal can vary from just using AdwCleaner, Junkware Removal Tool and Eset Online Scanner. Using CCleaner clean up is a good idea, too. It is also common to see some trojan dropper installing the adware.

Rebooting the computer would be necessary to completely remove adware and malware in most cases. MBAM asks to do that, too.

Here are the usual instructions for using the programs mentioned above.

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.
CCleaner - PC Optimization and Cleaning - Free Download

Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program windo...

I suspect we have some sort of malware in a computer. The file explorer is not working like it should. Right now we can't access the root drive to get the tdsskiller log file. I'm lucky when we can access anything on the drives. Usually after opening file explorer we only can see the Desktop. If we can see the drives, when we open folders nothing shows up. I plugged in a usb drive and could not access the files on it. It's getting worse each day.

I hope you can help with the log files I have attached.

Thanks,

Answer:Need malware removal help

It does not look like you are having malware problems. Your logs are clean and the logs also show your files and folders just fine ( including the TDSSkiller log ). Try the below:

Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.

Now run Repair_Windows.exe by double clicking on it (if you are running Vista or Win 7, use right click and select Run As Administrator).
Now select the Start Repairs tab.
Then click the Start button.
Create a System Restore point if prompted.
On the next screen, click the Unselect All button to first deselect all repairs.
Now select the following repair options:
Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Remove Policies Set By Infections
Repair Winsock & DNS Cache
Repair Proxy Settings
Repair Windows Updates
Repair MSI (Windows Installer)

Now on the lower right side check the box to Restart/Shutdown System When Finished.
Then make sure the Restart System radio button is enabled.
Shut down any other programs that you are running now before continuing.
Now click the Start button.
Be patient while the tool repairs the selected items.
It should reboot automatically when finished. If it doesn't then reboot it yourself.

Hello bosslady.. You didn't say which ones... so let's look for them.

Reboot into Safe Mode with Networking
How to enter safe mode (XP/Vista)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

>>>> Download this file and double-click on it to run it. Allow the information to be merged with the registry.

RKill....
Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1, Link 2, Link 3, Link 4

Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator.)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply.
Do not reboot your ...

My computer is running very slow. Very often the programs become non responsive. I use Trend Micro and that did pick up a few things but problems are still there. I seem to have a lot of files and folders with AI_RecyceBin as part of the name. I also recently deleted Update4497 folder. I will attach the logs.

Much appreciated.

Maz

Answer:Malware removal

Hello mazdarx5 and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:
please follow all instructions in the order posted
please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
if you don't understand something, please don't hesitate to ask for clarification before proceeding
the fixes are specific to your problem and should only be used for this issue on this machine.
please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:
Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

I am looking at your logs now and will reply with instructions shortly.

Satchfan

I have had some malware on my Dell Inspiron laptop for a few weeks now, but none of the anti spyware software you suggest comes up with anything wrong.
The problem is, the sound volume goes down or is muted and it tries to access 'my documents' and tries to 'log off'.
I have tried all the steps on the website, but none of them have seemed to resolve the problem.
Can somebody help me remove this nasty critter.

Regards
David

Answer:Malware removal

Welcome to Major Geeks!

You need to attach the below logs which were also requested whether they find anything or not. We do not ask for a HijackThis log. Please attach the logs from the below scans:
SUPERAntiSpyware
Malwarebytes
MGtools
Also note that your problems may not be due to malware.

Hello bdawg and welcome to the BC HijackThis forum. I see no signs of viruses or malware in the log. It is clean.
It appears that the system time is set to 24-hour format (hence the 13:37:38). There will be no am/pm designation for this time format. To change the format see this MS article: http://support.microsoft.com/default.aspx?...938&sd=tech
Cheers.
OT

Lately I have received an error that says: Windows Explorer has stopped working. It occurred when I tried to drag files to my USB. I read about the error and it was said that malware infection could be behind it. So I followed the read and run me first malware removal guide. Here are the logs for you to check.

I had a serious infestation of trojans, adware, and other issues after downloading a file from a trusted website of which I have been a member for several years. I am running Vista 32-bit and I followed everything on the "Read and Run First" sticky post for my OS.

I am now down to a message when Windows starts up that says something like "Error loading d3dpwi.dll. Module could not be found." I don't recognize this driver and I'm assuming that there is still something dirty in the registry that is trying to call on this driver.

The only other thing is the mysterious appearance of 2 "desktop.ini" files, in hidden mode, that are now on my desktop. They showed up after I ran the malware programs listed on this site.

Also, I couldn't get RootRepeal or ComboFix to work. RootRepeal would crash after a while and ComboFix caused my computer to crash with the blue screen of death, twice. To be honest though, I made the assumption that all was right with msconfig. Then, out of curiosity, I checked it and found that the Startup Selection was set to "Selective Startup" with all options checked.

So, what do you think? How do I get rid of that message at startup? Do you still want to see the files, or should I start the process over?